RUSTSEC-2023-0035

Source
https://rustsec.org/advisories/RUSTSEC-2023-0035
Import Source
https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2023-0035.json
JSON Data
https://api.osv.dev/v1/vulns/RUSTSEC-2023-0035
Aliases
Published
2023-04-17T12:00:00Z
Modified
2023-11-08T04:22:24.773741Z
Summary
Adversarial use of `make_bitflags!` macro can cause undefined behavior
Details

The macro relied on an expression of the form Enum::Variant always being a variant of the enum. However, it may also be an associated integer constant, in which case there's no guarantee that the value of said constant consists only of bits valid for this bitflag type.

Thus, code like this could create an invalid BitFlags<Test>, which would cause iterating over it to trigger undefined behavior. As the debug formatter internally iterates over the value, it is also affected.

use enumflags2::{bitflags, make_bitflags};

#[bitflags]
#[repr(u8)]
#[derive(Copy, Clone, Debug)]
enum Test {
    A = 1,
    B = 2,
}

impl Test {
    // Not a variant: an associated constant reachable through the same
    // `Test::C` path the macro expects a variant at. 69 = 0b0100_0101 sets
    // bits (4 and 64) that no variant of `Test` defines.
    const C: u8 = 69;
}

fn main() {
    let x = make_bitflags!(Test::{C});
    // printing or iterating over x is UB
}
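The following is an added example, not code from the enumflags2 crate or from this advisory. It models the invariant the macro shortcut bypassed with a hypothetical stand-in `BitFlags` type over the same `Test` enum: every set bit of a valid value must belong to one of the enum's variants, so a checked constructor rejects `Test::C` (the advisory's associated constant, 69) instead of producing a value that is unsound to iterate. The `VARIANTS`, `ALL_BITS`, `from_bits` and `from_bits_truncate` names are assumptions chosen for the model; the fixed crate's internals may differ.

```rust
// Added example, not enumflags2's own code: a minimal stand-in for a
// `BitFlags<Test>` type that makes the invariant explicit. Every set bit of a
// valid value must belong to one of the enum's variants; the advisory's
// `make_bitflags!(Test::{C})` shortcut created a value without that check.

#[derive(Copy, Clone, Debug, PartialEq, Eq)]
#[repr(u8)]
enum Test {
    A = 1,
    B = 2,
}

impl Test {
    // Same associated constant as in the advisory's proof of concept: it is an
    // `Enum::Name` path but not a variant, and 69 = 0b0100_0101 sets bits
    // (4 and 64) that no variant defines.
    const C: u8 = 69;

    // Every variant, in declaration order (what a derive macro would generate).
    // Hypothetical name, not an enumflags2 API.
    const VARIANTS: &'static [Test] = &[Test::A, Test::B];

    // Union of all variant bits: the only bits a valid BitFlags value may hold.
    const ALL_BITS: u8 = Test::A as u8 | Test::B as u8;
}

/// Model of a bitflags value over `Test` (hypothetical, not the crate's type).
#[derive(Copy, Clone, Debug, PartialEq, Eq)]
struct BitFlags(u8);

/// The bits that were rejected because no variant defines them.
#[derive(Debug, PartialEq, Eq)]
struct InvalidBits(u8);

impl BitFlags {
    /// Checked constructor: accepts `bits` only if it is a subset of ALL_BITS.
    fn from_bits(bits: u8) -> Result<BitFlags, InvalidBits> {
        let invalid = bits & !Test::ALL_BITS;
        if invalid == 0 {
            Ok(BitFlags(bits))
        } else {
            Err(InvalidBits(invalid))
        }
    }

    /// Lossy constructor: silently drops bits that belong to no variant.
    fn from_bits_truncate(bits: u8) -> BitFlags {
        BitFlags(bits & Test::ALL_BITS)
    }

    fn contains(self, flag: Test) -> bool {
        self.0 & (flag as u8) != 0
    }

    /// Iteration relies on the invariant: each set bit maps to exactly one
    /// variant, so yielding `Test` values here is sound.
    fn iter(self) -> impl Iterator<Item = Test> {
        Test::VARIANTS.iter().copied().filter(move |v| self.contains(*v))
    }

    fn bits(self) -> u8 {
        self.0
    }
}

fn main() {
    // A value built from real variants is accepted and iterates cleanly.
    let ab = BitFlags::from_bits(Test::A as u8 | Test::B as u8).unwrap();
    println!("A|B = {:?}", ab.iter().collect::<Vec<_>>());

    // The advisory's Test::C is rejected instead of becoming an invalid value.
    match BitFlags::from_bits(Test::C) {
        Ok(v) => println!("accepted {:?}", v),
        Err(InvalidBits(bad)) => println!("rejected Test::C: invalid bits {:#010b}", bad),
    }

    // Truncation keeps only the valid bit (1 = A) out of 69.
    let c = BitFlags::from_bits_truncate(Test::C);
    println!("truncated Test::C -> {:?}", c.iter().collect::<Vec<_>>());
}
```

The point of the model is where the check lives: a macro that only knows it was handed a path `Test::C` cannot tell a variant from an associated constant at expansion time, so the value of that path has to pass through a mask check like `from_bits` before it becomes a `BitFlags`; without that, `iter` (and the `Debug` formatter that uses it) would hand out a `Test` for a bit no variant owns.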
References

Affected packages

crates.io / enumflags2

Package

Affected ranges

Type
SEMVER
Events
Introduced
0.7.0
Fixed
0.7.7

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [],
        "arch": []
    }
}

Database specific

{
    "cvss": null,
    "informational": "unsound",
    "categories": []
}